Cloud computing refers to a computing environment for enabling on-demand network access to a shared pool of computing resources. Many cloud computing services involve virtualized resources and may take the form of web-based tools or applications that users can access and use through a web browser as if they were programs installed locally on their own computers. The data stored for users of such systems are typically hosted in computing systems located in a computing data center. The location for such a data center may be selected to provide easy access to the data for the users of the remote presentation system.
One benefit of server virtualization technology in cloud computing is virtual machine migration. The ability to migrate a virtual machine from one physical host to another can significantly boost a company's disaster recovery efforts and improve business agility. Migration may also be useful when an administrator needs to shut down a physical server for maintenance or upgrades because such server downtimes no longer result in application downtime.
Virtual machine live migration allows for the migration of a virtual machine from one physical host to another without significantly interrupting application availability. Live migration may involve capturing a virtual machine's complete memory state and the state of all its processor registers and sending that data to memory space on another server. That server may then load the processor registers, and the virtual machine can pick up where it left off.
However, when users and administrators do not follow virtualization best practices for virtual machine migration, the virtual machine infrastructure can be susceptible to security risks. For example, migrating a virtual machine with customer credit card data to a host that also runs a public web server may violate the Payment Card Industry Data Security Standard. Without having a proper change management system in place, virtual machine migration can also violate corporate policies. When a virtual machine is migrated, management software, provisioning software, and integrated process management tools can help address such security and compliance concerns.
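The two failure modes described above (a cardholder-data virtual machine landing on a host that runs a public web server, and a migration made without change management) can be caught by a placement check that runs before the migration is started. The following is an added example, not part of the original text; the label names, the `change_ticket` field and the inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Labels are constructed for this example; a real inventory would supply them.
CARDHOLDER = "cardholder-data"
PUBLIC_WEB = "public-web"

@dataclass
class VM:
    name: str
    labels: set = field(default_factory=set)

@dataclass
class Host:
    name: str
    residents: list = field(default_factory=list)  # VMs already on this host

@dataclass
class MigrationRequest:
    vm: VM
    destination: Host
    change_ticket: Optional[str] = None  # hypothetical change-record reference

def conflicts(a: VM, b: VM) -> bool:
    """True when one VM holds cardholder data and the other is public-facing."""
    return ((CARDHOLDER in a.labels and PUBLIC_WEB in b.labels) or
            (PUBLIC_WEB in a.labels and CARDHOLDER in b.labels))

def check_migration(req: MigrationRequest) -> list:
    """Return policy violations; an empty list means the move may proceed."""
    violations = []
    # Change management: refuse moves that carry no approved change record.
    if not req.change_ticket:
        violations.append(f"{req.vm.name}: no change ticket on request")
    # Co-residency: checked in both directions, so moving a web server onto
    # a host that already holds cardholder data is caught as well.
    for resident in req.destination.residents:
        if resident.name != req.vm.name and conflicts(req.vm, resident):
            violations.append(
                f"{req.vm.name} -> {req.destination.name}: "
                f"would share a host with {resident.name}")
    return violations

if __name__ == "__main__":
    # Constructed inventory for illustration.
    web_host = Host("host-a", [VM("storefront", {PUBLIC_WEB})])
    payments = VM("payments-db", {CARDHOLDER})
    for line in check_migration(MigrationRequest(payments, web_host)):
        print("DENY", line)
```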
Such concerns include account or service hijacking, phishing, fraud, and exploitation of software vulnerabilities. Credentials and passwords are often reused, which amplifies the impact of such attacks. Cloud services add a new threat to the landscape. For example, if an attacker gains access to user/administrator credentials, the attacker can eavesdrop on user/administrator activities and transactions, manipulate data, return falsified information, and redirect user clients to illegitimate sites. User account or service instances may then become a new base for the attacker. From there, attackers can leverage the power of user reputation to launch subsequent attacks.